Blitar Tourism Authentication Bypass Vulnerability Allowing SQL Injection

Vulnerability

An authentication bypass vulnerability has been identified in Blitar Tourism version 1.0. The login mechanism can be bypassed by injecting SQL code through the username parameter: a login request carrying a crafted username alters the authentication query so that the password check no longer applies, granting attackers unauthorized administrative access.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling attackers to gain unauthorized administrative access to the application.

Reproduction

To reproduce this vulnerability, send a POST request to the login endpoint with a crafted username containing a SQL injection payload, such as 'admin' followed by a SQL comment indicator. The application's query handling incorporates the injected SQL into the authentication query, bypassing the password check and granting access as an administrator.
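As an added illustration (not code from the Blitar Tourism project, whose source the page does not show), the pattern behind this class of bug and its fix, modelled with Python's sqlite3 module: the vulnerable login concatenates the username into the SQL text, the hardened login binds it as a parameter. The users table, the credentials and the plaintext password column are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's user table
    (assumption: the real schema is not shown on the page). Plaintext
    passwords are a simplification; a real application stores a hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!', 'administrator')")
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Builds the query by string concatenation. A username that closes the
    quoted string and starts a SQL comment ('--') removes the password
    condition from the query, so any password is accepted."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()


def login_hardened(db, username, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so quotes and comment markers in the input are plain data and
    the password condition always stays in force."""
    return db.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    crafted = "admin'--"          # the username shape the advisory describes
    print("vulnerable:", login_vulnerable(db, crafted, "wrong-password"))
    print("hardened:  ", login_hardened(db, crafted, "wrong-password"))
    print("hardened, real credentials:", login_hardened(db, "admin", "S3cret!"))
```

When reviewing the fix, the check that matters is that the crafted username yields no row from the parameterised query while valid credentials still do.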

Added: Jan 21, 2026, 6:29 PM
Updated: Jan 21, 2026, 6:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.